Tag Content at the Point of Creation
Enabling Content Security and Compliance
Companies are struggling to ensure that the overwhelming amount of content generated in the enterprise is secure and meets increasingly strict information compliance requirements. Ensuring that they can enforce information management policies regarding compliance and security is now top-of-mind for corporate IT organizations. At the same time, information workers lose productivity when they are unable to easily find, share or even disclose the proper versions of content required when bringing new products to market, especially when subject to regulatory oversight. By providing information workers with the ability to tag and categorize content consistently at the time it is created, enterprises can ensure content is stored in the correct document library and is classified properly so required workflows, retention schedules and security policies are applied.
Consistent Tagging Across the Enterprise
Enforcing security policies. Enterprises need to ensure that content remains secure. For example, a simple set of document tags defining security levels applied at the time of document creation provides users with the ability to classify content while providing IT organizations with the ability to identify and control who can access the content once it’s stored in the proper location.
The application of security tags should be fully integrated with the document creation workflow in order to ensure that tags are applied consistently with minimal burden to the user. It must be easy for IT organizations to design, deploy and update the definitions of the security tags. Both of these requirements need to be met regardless of where the document is destined to reside throughout its lifecycle, including on the desktop in file shares, or in a content repository such as SharePoint.
Document retention and lifecycle management. Document or records retention and lifecycle management is a critical issue for all large enterprises, but it is especially important for companies in regulated industries such as life sciences, where clinical trial results and other critical research and testing information must be rigorously managed, but readily available, to the enterprise. By consistently tagging this content at the desktop, the ability to manage this content throughout its lifecycle is enabled.
File or records plans. File plans define a set of document types and storage locations for the enterprise. IT organizations design file plans, but they are difficult to enforce across all the content created in the enterprise. Tagging provides the content creator a means to classify the document against a required file plan when it is created; therefore ensuring that all content enters the proper repository and the appropriate information management and archiving policies can be applied.
Regulatory compliance. In regulated environments it is especially critical to ensure that content which falls under scrutiny is maintained in a known location and can be retrieved in a complete fashion when necessary. The cost of responding to a single regulatory-driven inquiry can be extremely expensive with penalties for faulty or incomplete disclosure. Thus, it is critical that required content can be retrieved quickly and completely. By ensuring that content subject to regulatory scrutiny is properly classified with tags and metadata at the desktop, the required storage locations, workflows and security policies can be applied and companies are able to locate and manage this content across a variety of document libraries and other repositories.
Workflow assignment. Assigning workflows and retention policies to content is critical to managing release, approval, maintenance and obsolescence of the content throughout its lifecycle. Classifying content at the point of creation can ensure that the proper content type and associated workflows are applied when the content is moved into a lifecycle management process.
Content findability. Although search engines can provide a fair approximation based on the content in the document, tagging greatly improves search relevance and ensures that critical information can be found. By applying security and compliance tags to content, in addition to automatically tagging the document with other business specific keywords and synonyms, search engine relevance is greatly improved. Search engine indexing assigns a high degree of relevance to document keywords, and search queries run against specific security tags will provide a complete and accurate set of results.
Deploying the Solution
Enabling consistent content security and compliance use cases begins with building a tagging vocabulary for the enterprise. This starts with the analysis and consideration of existing records and file plans, business classification and existing metadata. These sources of metadata can then be assimilated into a controlled vocabulary for tagging. Integrating the maintenance and deployment of the tagging metadata across a common platform such as Microsoft SharePoint Server 2010 and Office creates consistency and greatly simplifies the deployment.
The use of controlled vocabularies to build and maintain tagging sets provides organizations with the capability to ensure that tag sets are designed appropriately, and can be assigned across user groups, regions and languages. These tagging sets can also include required tag sets that ensure user review and application of the required tags as part of the document creation process. The system must provide as much automation as possible using a tagging vocabulary that is consistent but can be easily updated and maintained as they are extended and changed. Users also need the ability to easily create and add their own tags as necessary so there is an appropriate balance between control, flexibility and enforcement to ensure that the tagging system is truly usable in a corporate environment.
Establishing and implementing corporate information management policies is an ongoing process of continual improvement. Implementing a content tagging system early in the process can ensure proper and consistent document classification at the point of creation. Consistent application of these tags at the information worker’s desktop—when content is being created—ensures that the appropriate workflows, retention policies and security can be applied to each piece of content and that content can be located and managed appropriately throughout its lifecycle regardless of the repositories, workflows and retention policies that may be implemented in the future.
For more information about SchemaLogic, call: 425-885-9695 or visit www.schemalogic.com.